summaryrefslogtreecommitdiffstats
path: root/Documentation
diff options
context:
space:
mode:
authorMimi Zohar <zohar@linux.vnet.ibm.com>2018-02-21 11:36:32 -0500
committerMimi Zohar <zohar@linux.vnet.ibm.com>2018-03-23 06:31:37 -0400
commit9e67028e76514a8ee279d7d006dfb8069b5115ab (patch)
tree9827bd28b629bf69db447666494194d118d58e25 /Documentation
parenta9a4935d44b58c858a81393694bc232a96cdcbd4 (diff)
downloadlinux-9e67028e76514a8ee279d7d006dfb8069b5115ab.tar.gz
linux-9e67028e76514a8ee279d7d006dfb8069b5115ab.tar.bz2
linux-9e67028e76514a8ee279d7d006dfb8069b5115ab.zip
ima: fail signature verification based on policy
This patch addresses the fuse privileged mounted filesystems in environments which are unwilling to accept the risk of trusting the signature verification and want to always fail safe, but are for example using a pre-built kernel. This patch defines a new builtin policy named "fail_securely", which can be specified on the boot command line as an argument to "ima_policy=". Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Cc: Miklos Szeredi <miklos@szeredi.hu> Cc: Seth Forshee <seth.forshee@canonical.com> Cc: Dongsu Park <dongsu@kinvolk.io> Cc: Alban Crequy <alban@kinvolk.io> Acked-by: Serge Hallyn <serge@hallyn.com> Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
Diffstat (limited to 'Documentation')
-rw-r--r--Documentation/admin-guide/kernel-parameters.txt8
1 files changed, 7 insertions, 1 deletions
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 1d1d53f85ddd..2cc17dc7ab84 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -1525,7 +1525,8 @@
ima_policy= [IMA]
The builtin policies to load during IMA setup.
- Format: "tcb | appraise_tcb | secure_boot"
+ Format: "tcb | appraise_tcb | secure_boot |
+ fail_securely"
The "tcb" policy measures all programs exec'd, files
mmap'd for exec, and all files opened with the read
@@ -1540,6 +1541,11 @@
of files (eg. kexec kernel image, kernel modules,
firmware, policy, etc) based on file signatures.
+ The "fail_securely" policy forces file signature
+ verification failure also on privileged mounted
+ filesystems with the SB_I_UNVERIFIABLE_SIGNATURE
+ flag.
+
ima_tcb [IMA] Deprecated. Use ima_policy= instead.
Load a policy which meets the needs of the Trusted
Computing Base. This means IMA will measure all